Code signing failure - SHA1DSA ?

[cheese]

I tried code signing my app with 2.02. First thing I noticed was that my keystore/password settings went missing.

Second - when I finally re-added my keystore - I got the error below.

I got it to work by running the command line explicitly - specifying signature algorithm SHA1RSA - instead of the "SHA1DSA" default method generated by B4A. I had to call zipalign manually as well.

Were there changes to this aspect of the program?

Compiling code.                         0.73
Compiling layouts code.                 0.06
Generating R file.                      0.00
Compiling generated Java code.          7.09
Convert byte code - optimized dex.      3.25
Packaging files.                        1.53
Copying libraries resources             0.08
   Found 2 resource files.
Signing package file (private key)      Error

jarsigner error: java.security.SignatureException: private key algorithm is not compatible with signature algorithm

 

[Erel]

There were no changes related to the sign key process in v2.02. There were changes in v1.90. However up until now there were no issues with those changes.

 

[cheese]

Thanks for your reply, Erel.

Can you share whether there is an expectation that signing keys have a SHA1DSA signature? Was this expectation introduced - or could there be a configuration error in my installation?

Cheers,
Cheese

 

[Erel]

Can you share whether there is an expectation that signing keys have a SHA1DSA signature?

Yes. The expectation was implicit until v1.90. Starting from v1.90 it is now explicit. This change was related to an issue with Java 7.

 

[cheese]

Thanks for clearing that up. Was this change documented - did I misread one of your notes?

What's strange is I have been using this signing key since before 1.90 and I never got an error. I use Java 1.6.

Is there anyway we can make this configurable- I am faced with having to manually sign and zipalign my apk's if I want to keep using the same key and use B4A for android development.

Cheers

 

[Erel]

The change was not supposed to break any existing keys. This is the first report we encounter.

Currently it is not configurable. As you only need to sign with your key before you distribute the app, I recommend you to work with the debug key during development.

 

[timo]

I have the same problem with 2.2 and 2.3. I reinstalled 2.0 and the private key doesn't give me problems any more. (??)
(Clean Project: no effect)

 

[timo]

Solved: The Key wasn't read only (and deleted from object folder while compiling)